Disable Password Reset In WordPress

If you run WordPress and are tired of having script kiddies clicking the “forgot password” link and getting emails, just disable it by editing your .htaccess file. If you’re running your own instance you don’t need it anyway.

<IfModule mod_rewrite.c>
RewriteEngine On


RewriteCond %{QUERY_STRING} action=lostpassword
RewriteRule (.*) $1? [R=permanent]

Leave a Reply

Your email address will not be published. Required fields are marked *